1. Field of the Invention
The present invention relates to computer security and databases within computer systems. More specifically, the present invention relates to a method and apparatus for automatically encrypting and decrypting data to be stored in a database.
2. Related Art
Modern database systems store and retrieve vast quantities of information. Some of this information is sensitive, such as credit card numbers, bank balances, and nuclear secrets, and hence must be protected so that the information does not end up in the wrong hands.
Some database systems are able to restrict access to specific information by using access controls that are specified in security profiles assigned to each client. Such systems prevent a client from accessing information other than what has been authorized for the client. This normally protects the sensitive information and, therefore, leads users to trust the database system to ensure that information stored within the database system remains secret.
There is, however, a major weakness in these types of database systems. The data base administrator (DBA) has access to everything that is stored within the database system. This unrestricted access allows an unscrupulous DBA to steal information from the database system and to use the stolen information for illicit purposes. Note that is not practical to implement access controls for the DBA because doing so prevents the DBA from performing necessary database maintenance functions.
Sensitive information can be kept secret from the DBA by encrypting the sensitive information within the user application at the client. In this approach, all sensitive information is stored in an encrypted form within the database system and is consequently protected from examination by the DBA. This approach has the advantage that the DBA is not restricted from performing database maintenance functions. A major drawback to this approach, however, is that all user applications that handle sensitive information need to be able to encrypt and decrypt information. Providing such encryption and decryption code in all of the numerous applications that handle sensitive data is very inefficient.
What is needed is a method and an apparatus that allows a DBA to have unrestricted access to the database system while protecting sensitive information within the database system in an efficient manner.